The hits just keep on coming for beleaguered Electronic Arts this month. After the meltdown of their SimCity launch, the company is now dealing with the resignation of their CEO and the announcement of a new security exploit that could harm users of EA’s Origin distribution platform.
CEO John Riccitiello announced the end of his six years at the helm of EA yesterday, according to the Wall Street Journal. The resignation goes into effect on March 30.
In his farewell letter to EA employees, Riccitiello cited the shortcomings in EA’s financial results as the primary reason for his departure.
“It currently looks like we will come in at the low end of, or slightly below, the financial guidance we issued to the Street, and we have fallen short of the internal operating plan we set one year ago. And for that, I am 100 percent accountable,” Riccitiello wrote.
Given the technical troubles the company has faced of late with the aforementioned release of SimCity, speculation will no doubt occupy industry analysts’ minds about the connection between the events. While it is doubtful SimCity’s problems were directly responsible for Riccitiello’s departure, it could have very well been the indirect straw that broke the camel’s back.
Meanwhile, at the Black Hat security conference in Amsterdam last week, researchers Donato Ferrante and Luigi Auriemma from security firm ReVuln demonstrated a zero-day exploit that could affect users of Origin, enabling malicious code from third-party servers to be downloaded onto a user’s machine rather than the gaming software they were looking for.
The vulnerability, which is related to a similar problem found with the Steam gaming platform, exploits a Uniform Resource Identifier flaw within the Origin client application that’s installed locally, a flaw that could enable attackers to manipulate an origin:// link that would normally be used to connect to the Origin service. By inserting a modified origin:// link, the exploit could enable the download of a Windows dynamic link library (DLL) file, which could effectively begin the process of owning a victim’s computer.
The ReVuln researchers’ report is compelling, but it is important to note that this exploit is only hypothesized at this point, and not something that has been seen in the wild yet. Still, Origin users should be sure they are always prompted for confirmation whenever they click a link that should go to the Origin service, just to be safe.